|Recon 2011 Internet Filtering by Jacob Appelbaum - Recon|
Many countries in the world perform extensive network surveillance and filtering, in the form of website blocking or protocol-specific censorship; recently, many networked authoritarian events in the Middle East/North Africa and across most of the world have come to light. Some political uprisings were accompanied by increasingly invasive filtering events. I've run a series of tests in many of these countries, during these events, with the specific purpose of identifying specific hard...
Keywords: Recon, Jacob Appelbaum, Internet Censorship, Tor, Recon 2011
|Recon 2011 - Virtdbg by Damien Aumaitre - Recon|
This presentation is about a remote kernel debugger leveraging the hardware virtualization facilities provided by modern processors. The hypervisor is loaded "on the fly" with DMA requests and allows debugging the target without rebooting. The client part leverages the metasm framework...
Keywords: Recon; VirtDbg; Reverse Engineering
|Recon 2011 RFID Hacking by Milosch Meriac|
In recent years RFID has become a ubiquitous part of our lives. We are confronted daily with RFID applications in access control systems, in micro-payment, in electronic IDs and in public transportation. Despite this huge impact, very little is still known about many of the systems out there; questions on security and privacy features remain unanswered by most system vendors. This talk explains how black box RFID systems can be analyzed and reverse engineered to understand the protocols and...
Keywords: Recon, Milosch Meriac, RFID, RFID Hacking, Hacking, OpenPCD
|Recon 2011 - Practical C++ decompilation by Igor Skochinsky - Recon|
Reverse engineers have to analyze more and more code these days, be it investigation of malware, software security assessment, or RE for interoperability. While plain C code is quite familiar by now, C++ offers new challenges with inheritance, virtual functions, exception handling and so on. I will describe the common problems encountered in C++ reversing and how to deal with them...
Keywords: Reverse Engineering, IDA, Recon, Decompilation
|Recon 2011 - Ghetto Tools for Embedded Analysis by Nathan Fain|
Automated JTAG/serial scanning, building your own FLASH programmer, re-documenting ICs. Using Arduino-based scanning tools, the techniques shown for hacking embedded devices should be accessible to anyone with basic programming skills. This talk will explain the workflow and toolkit to make analysis of nearly any device more accessible. Every layer of design in a device, from logic to software, requires a means for debugging...
|Recon 2011 - Sticky Fingers & KBC Custom Shop by Alexandre Gazet - Recon|
Firmware and embedded software have already been targets of choice in the past. In the same spirit, this talk will discuss how an attacker can take advantage of a laptop's keyboard controller. The keyboard controller (KBC) or embedded controller (EC) is most often an unknown component of our laptop. It is an independent computation unit, alongside the main processor...
|Recon 2011 - Hardware Stuff for Software People By Stephen Ridley - Recon|
This talk will be an introduction to doing "hardware stuff", for people accustomed to plying their trade against software. I will discuss how to build tools (and use existing tools) to sniff/spy on a variety of hardware communication channels, from UART serial (the kind in your computer) to the very ubiquitous SPI/I2C serial buses used in virtually everything (from the EEPROM in your portable DVD player to the HDMI/VGA cables between your computer and monitor)...
Keywords: Recon; Hardware; Reverse Engineering
|Recon 2011 - AndBug -- A Scriptable Debugger for Android's Dalvik Virtual Machine by Scott Dunlop - Recon|
The Dalvik Virtual Machine supports Eclipse and JDB so that developers can debug their Android applications; when used with decompiled sources, however, these tools become balky and clumsy, making reverse engineering of Dalvik applications harder than it has to be. Scott Dunlop will unveil AndBug, a scriptable open-source debugger for Dalvik applications, intended for reverse engineers to script breakpoints that can trace process flow and change state.
Keywords: Recon; android; dalvik
|Recon 2011 Gregory Kerr - Checkpoint-Restart: Proprietary Hardware and the "Spiderweb API"|
This summary describes a package to transparently checkpoint and restart applications which run over Infiniband. Infiniband is rapidly growing as a high-speed interconnect, even appearing on departmental clusters. The current work grew out of the needs of high performance computing. As of November 2010, 43% of the TOP500 supercomputers run Infiniband...
Keywords: Recon 2011, Recon, Reverse Engineering, Infiniband
|Recon 2011 - Mach shellcodes and OS X injectable rootkits by Jesse D'Aguanno|
The Mach subsystem on OS X has several interfaces which can be leveraged by an attacker to subvert the OS and write directly to the memory of other processes, including the kernel, allowing us to replace code, overwrite data structures, etc. I demonstrated some of these techniques and an example OS X kernel rootkit ("iRK") a couple of years ago at Black Hat...
Keywords: recon; rootkit
|Recon 2011 - How to develop a rootkit for Broadcom NetExtreme network cards by Guillaume Delugré - Recon|
Among all possible devices, network cards are particularly interesting for an attacker wishing to develop a rootkit: they offer direct communication with the attacker over the network link, and they offer direct memory access to kernel physical pages over the PCI link. Despite the fact that the feasibility of a rootkit in a network card had already been considered (A...
Keywords: Recon; Rootkit
|Recon 2011 - The Importance of Making a Good Impression by Babak Javadi and Deviant Ollam - Recon|
When you lose a key and call a locksmith, most of the time one of two things will happen: they will either pick the lock or drill it. In either case you're typically left with a door that's open, but not with the means of operating it again. What if we told you that you could not only open a lock but also /create a working key/ out of nothing at all, in ways that are nearly undetectable...
Keywords: Recon; Lock Picking; Impressioning
|Recon 2011 - "Shatter"ing the Windows Message Passing Architecture and Security Model by Alex Ionescu - Recon|
Windows employs a variety of security boundaries aimed at containing message passing between graphical windows owned by various processes running on a system. All windows are protected within a Desktop object, and cross-Desktop message passing is blocked. Furthermore, all desktops are contained in a Window Station object, and cross-Window Station clipboard access (among other things) is blocked, as is accessing atoms...